On a side note, the network hash has increased to the point where we are now less than than 45% so new user registrations have automatically unlocked so there are some slots available.
They will automatically lock again if we exceed the 45% threshold.
Wow, that didn't take long. Back up to 46% and registrations properly locked again. Anyhow, if your interested in an account keep an eye on the network hash. As it increases our registrations will automatically unlock.
|
|
|
On a side note, the network hash has increased to the point where we are now less than than 45% and new user registrations have automatically unlocked so there are some slots available. They will automatically lock again if we exceed the 45% threshold. http://silverwolf.ath.cx/sbcThanks ! Wow, that didn't take long. Back up to 46% and registrations properly locked again. Anyhow, if your interested in an account keep an eye on the network hash. As it increases our registrations will automatically unlock.
|
|
|
Thank You !
Hows the crate working for you ? I've heard that it makes a big difference but haven't tried it yet myself ?
Makes things a lot neater and the airflow is pretty good. Lol its a pretty ugly setup because I didn't have the right tools to cut out parts of the crate. I'll finish everything up tomorrow but I'm just glad everything's working right now Sounds sweet! You should post a pic!
|
|
|
On a side note, the network hash has increased to the point where we are now less than than 45% and new user registrations have automatically unlocked so there are some slots available. They will automatically lock again if we exceed the 45% threshold. http://silverwolf.ath.cx/sbcThanks !
|
|
|
On a side note, the network hash has increased to the point where we are now less than than 45% so new user registrations have automatically unlocked so there are some slots available.
They will automatically lock again if we exceed the 45% threshold.
|
|
|
RESERVED FOR DONATORS:
noble - 100% FiiNALiZE - 100% peonminer - 100% ROGGOR - 100% ManOfKnight - 100% yonsje - 50% Ethera - 10%
Thank You guys !
(If I missed anyone, please let me know !!)
|
|
|
What a faggot.
He deserves to have his IP DoS'd
I don’t disagree with that assessment, lol. We will recover, it's just a matter of time. Well I finally transferred my rig into a plastic crate. I'll donate 100% for 12 hours. That should help a bit. All other pool operators should ban his IP. Thank You ! Hows the crate working for you ? I've heard that it makes a big difference but haven't tried it yet myself ?
|
|
|
I would like to give a shout out to "noble" who is donating 100% of his mining income. I'm assuming it's to help us recover. I haven't spoken with him I just noticed him on the PPLNS status list right next to me, at the bottom, lol.
Thank You.
I will remember your assistance and once the pool is back in the black I will make it up to you!
|
|
|
What a faggot.
He deserves to have his IP DoS'd
I don’t disagree with that assessment, lol. We will recover, it's just a matter of time.
|
|
|
Yeah, more or less the 'every 60s approach'. It mimics the safety of the auto-withdraws, which is good. Good luck with it. Nothing worse than someone cheating the system.
Agreed. and thank you.
|
|
|
I am increasing mine to 5% donation. Have you fixed the issue that allowed the individual to do that?
Thank You for helping ! I'm pretty sure he used some kind of software or plugin to submit the post data for a manual withdrawal several times in rapid succession (all within the same second), this resulted in multiple payouts being started before the first payout was completed and his balance was reset to 0. Automatic withdrawals are not subject to this vulnerability because they are run by the cron job. They cannot be triggered manually. Manual Withdraws have been disabled completely. Automatic Withdraws are working normally. I will not re-enable Manual Withdraws until I'm certain the issue has been fixed. So we are safe from this happening again, we just won't be able to do manual withdrawals until I can figure it out. Hey, about you delete that post...for obvious reasons. Well... I don't know about that. Transparency is important. This attack is out there and being used regardless if I leave this post up. Other pool owners need to be aware of this attack so they can modify their pools to prevent it. Leaving it in the dark only helps the people doing the thieving in my opinion. A more careful thief might have been able to continue doing this without being discovered. I'm certain it's happening right now to other pools based upon the same or similar mmcFE code. Does anyone else have an opinion about leaving this data up or taking it down ? I would consider taking it down if I'm the only one who thinks leaving it up is a good idea. If I had a way to make it available to only the pool operators or the developer than I would, but I don't. This same code has been forked a dozen times and is being used by tons and tons of pools.
|
|
|
I am increasing mine to 5% donation. Have you fixed the issue that allowed the individual to do that?
I'm pretty sure he used some kind of software or plugin to submit the post data for a manual withdrawal several times in rapid succession (all within the same second), this resulted in multiple payouts being started before the first payout was completed and his balance was reset to 0. Automatic withdrawals are not subject to this vulnerability because they are run by the cron job. They cannot be triggered manually. Manual Withdraws have been disabled completely. Automatic Withdraws are working normally. I will not re-enable Manual Withdraws until I'm certain the issue has been fixed. So we are safe from this happening again, we just won't be able to do manual withdrawals until I can figure it out. probably want to consider wrapping the process in a transaction, doing the db updates first (update balance, insert into ledger), then the coin send (if the previous sql succeeded), and if the coin send succeeds commit, otherwise rollback. Just a suggestion. That might still be vulnerable to the same kind of attack, I'm not sure. What I'm thinking is I'm going to separate the actual send function from the front end completely. Like this : 1. The user hits the withdrawal button and a flag is set in the database. 2. 1 minute later when the cron job runs again it will send the payment, adjust the balance and ledger, and reset the flag. That way, no matter what you can't trigger multiple payments, you'd just be setting the flag over and over again. It wouldn't have any effect. It would mean a short delay (up to 1 minute) in sending manual payments, but that's a pretty small inconvenience and it would help prevent new kinds of attacks as well.
|
|
|
I am increasing mine to 5% donation. Have you fixed the issue that allowed the individual to do that?
Thank You for helping ! I'm pretty sure he used some kind of software or plugin to submit the post data for a manual withdrawal several times in rapid succession (all within the same second), this resulted in multiple payouts being started before the first payout was completed and his balance was reset to 0. Automatic withdrawals are not subject to this vulnerability because they are run by the cron job. They cannot be triggered manually. Manual Withdraws have been disabled completely. Automatic Withdraws are working normally. I will not re-enable Manual Withdraws until I'm certain the issue has been fixed. So we are safe from this happening again, we just won't be able to do manual withdrawals until I can figure it out.
|
|
|
Update from Silverwolf's SBC Pool: http://silverwolf.ath.cx/sbcTo: everyone running an SBC pool. We've had an incident where a user managed to abuse the manual withdraw system and stole coins from the pool. Manual withdraws have been disabled until I can find & fix the problem. Automatic withdrawals are working normally. I've put all my miners on with 100% donation to help the pool recover. The pool will recover in about two days (Sooner if other people choose to help). The point of this post is to warn other pool operators about this user (as much as possible anyway.)Username is mysbl This is how many coins this user withdrew : 2641.66263495 This is how many coins this user earned : 306.65277 The ip address this user connected from is : 173.230.118.194 The payout address for this user is sMQwLiymakEmXqLa5TK51sTmnMe2BUdNUv If anyone wishes to help out you can donate directly to the pool by sending here : sftK67MrwsbchASciNJ3FwCvhZqZaniqBZ Thank You. Also, any pool operators that are using code based upon mmcFE or any or it's forks you should disable manual withdrawals until you can fix the vulnerability.
|
|
|
The pool is a bit underfunded at the moment due to the theft.
If anyone would like to help us recover, please set a generous donation percentage.
Thank You
I'm putting all 3 of my miners on the pool with 100% donation percentage. This will bring us back into the black, but it will take about two days. Your donations are appreciated. If you wish to you may donate directly to the pool by sending to this address : sftK67MrwsbchASciNJ3FwCvhZqZaniqBZ
|
|
|
The pool is a bit underfunded at the moment due to the theft.
If anyone would like to help us recover, please set a generous donation percentage.
Thank You
|
|
|
One of our users "mysbl" has figured out how to abuse the manual payout system and has stolen approx 2,300 coins from the pool.
I have disabled manual payouts until I can find & fix the vunerability. In the mean time please use the automatic payout threshold to withdraw coins.
Thanks so much "mysbl" for ruining it for the rest of us.
This is how many coins this user withdrew : 2641.66263495 This is how many coins this user earned : 306.65277 It is userID : 432 The ip address this user connected from is : 173.230.118.194
|
|
|
Hashrate rising, I think this coin is going places. Definitly more popular than Meme, Hyper, and a handful more that hit cryptsy.
+1
|
|
|
Silverwolf's SBC Pool http://silverwolf.ath.cx/sbc* Added networkhash display * Added automatic user registration cap when pool exceeds 45% of network hash. (Currently at 48.56%) WE NEED MORE POOLS!!!
|
|
|
|